<?php
session_start();
require_once('bootstrap.php');

$host="localhost"; // Host name 
$username="root"; // Mysql username 
$password="Bs377184"; // Mysql password 
$db_name="UDC"; // Database name 
$tbl_name="USER"; // Table name

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB");

// username and password sent from form 
$myusername=$_POST['login']; 
$mypassword=$_POST['password'];

/* To protect MySQL injection (more detail about MySQL injection)*/
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);

$sql="SELECT * FROM $tbl_name WHERE EMAIL_ADDRESS='$myusername' and PASSWORD='$mypassword'";
$result=mysql_query($sql);
$count=mysql_num_rows($result);

if($count==1){
session_register("myusername");
session_register("mypassword"); 
			session_regenerate_id();
			$member = mysql_fetch_assoc($result);
			$_SESSION['SESS_USER_ID'] = $member['USER_ID'];
			$_SESSION['SESS_FIRST_NAME'] = $member['FIRST_NAME'];
			$_SESSION['SESS_LAST_NAME'] = $member['LAST_NAME'];
			$_SESSION['SESS_EMAIL_ADDRESS'] = $member['EMAIL_ADDRESS'];
			session_write_close();                    
echo "success!";
header("location:members");
}
else {
echo "<center><p>Please check your Username and Password and try again</p>";
echo "<a href='index'><p>Go Back</p></a></center>";
}
?>